Efficiently check role claim
Because all Identity objects in ASP.NET are now a ClaimsIdentity, you could always cast the current IPrincipal to a ClaimsIdentity:

    ((System.Security.Claims.ClaimsIdentity)User.Identity).HasClaim("role", "AwesomeUserRole")

But it is actually easiest to just use User.IsInRole("AwesomeUserRole")

As long as you haven't changed the default configuration, claims with the type of role are automatically fed into the roles collection for the thread principal.
If you need to check for additional claim types besides roles, I usually create a set of extension methods for IPrincipal that wrap the claim checks:

    // claimType and claimValue stand for the specific claim this check wraps.
    public static bool CanDoX(this IPrincipal principal)
    {
        return ((ClaimsIdentity)principal.Identity).HasClaim(claimType, claimValue);
    }

The benefit of the extension method is that you can check for any kind of claim and return any values they may contain, not just whether or not the claim exists.
Bear in mind that a Principal can have more than one identity associated with it, e.g. you have authenticated with Windows Authentication, but then added a custom identity with claims from your database.
So any claim check potentially needs to look at all identities. Here are a couple of extension methods that will help:

    // Needs System.Linq, System.Security.Claims and System.Security.Principal.
    // ClaimsPrincipal.Claims enumerates the claims of every identity on the principal.
    public static bool ClaimExists(this IPrincipal principal, string claimType)
    {
        var ci = principal as ClaimsPrincipal;
        if (ci == null)
        {
            return false;
        }

        var claim = ci.Claims.FirstOrDefault(x => x.Type == claimType);
        return claim != null;
    }

    // A null issuer matches a claim from any issuer.
    public static bool HasClaim(this IPrincipal principal, string claimType,
        string claimValue, string issuer = null)
    {
        var ci = principal as ClaimsPrincipal;
        if (ci == null)
        {
            return false;
        }

        var claim = ci.Claims.FirstOrDefault(x => x.Type == claimType
            && x.Value == claimValue
            && (issuer == null || x.Issuer == issuer));
        return claim != null;
    }
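
An added example, not code from the answers above: a console program showing that IsInRole matches a claim only against each identity's own RoleClaimType, and that a role check across several identities can be pinned to an issuer. The issuer names, the "Admin" role and the IsInRoleFrom helper are constructed for illustration.

```csharp
using System;
using System.Security.Claims;

static class RoleClaimDemo
{
    // Constructed sample values; both issuer names are hypothetical.
    const string TrustedIssuer = "https://idp.example.test";
    const string LocalDbIssuer = "local-db";

    // Hypothetical helper: issuer-pinned role check across every identity.
    // Each identity is matched against its own RoleClaimType, as IsInRole does.
    public static bool IsInRoleFrom(ClaimsPrincipal principal, string role, string issuer)
    {
        foreach (var id in principal.Identities)
        {
            if (id.HasClaim(c => c.Type == id.RoleClaimType
                              && c.Value == role
                              && c.Issuer == issuer))
                return true;
        }
        return false;
    }

    static void Main()
    {
        // Identity 1: role claims use the short type "role", and the identity
        // is told so through the roleType constructor argument.
        var tokenId = new ClaimsIdentity(
            new[] { new Claim("role", "AwesomeUserRole", ClaimValueTypes.String, TrustedIssuer) },
            "Bearer", "name", "role");

        // Identity 2: also carries a "role" claim, but keeps the default
        // RoleClaimType (ClaimTypes.Role), so IsInRole does not treat it as a role.
        var dbId = new ClaimsIdentity(
            new[] { new Claim("role", "Admin", ClaimValueTypes.String, LocalDbIssuer) },
            "Custom");

        var user = new ClaimsPrincipal(tokenId);
        user.AddIdentity(dbId);

        Console.WriteLine("IsInRole(AwesomeUserRole): " + user.IsInRole("AwesomeUserRole"));
        Console.WriteLine("IsInRole(Admin):           " + user.IsInRole("Admin"));
        Console.WriteLine("HasClaim(role, Admin):     " + user.HasClaim("role", "Admin"));
        Console.WriteLine("Role from trusted issuer:  " + IsInRoleFrom(user, "AwesomeUserRole", TrustedIssuer));
        Console.WriteLine("Role from local-db issuer: " + IsInRoleFrom(user, "AwesomeUserRole", LocalDbIssuer));
    }
}
```

When an authorization decision depends on a role, checking the issuer as well as the type and value keeps a claim added by a secondary identity from satisfying a check meant for the identity provider's claims.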